GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.
The respondents were all in the SMB space, which is where most of the database breaches in 2011 came from, so it is natural that they are hyperaware of the threat. Thus, when 51% of them named SQL Injection attacks as a primary concern, either from external or internal sources, you could almost argue that this was expected.
Perhaps so, but SQL Injection remains the top method used by attackers in order to gain unauthorized access to data, and it has been a major attack vector for years, so awareness in situation is a lot like being close in a game of hand grenades.
In addition to SQL Injection, other data protection concerns expressed by the study’s respondents include internal threats (31%), such as unauthorized access, DBA errors, and data exposure to non-privileged users; and compliance (18%).
“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable,” said GreenSQL CEO, Amir Sadeh.
“Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.”
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
